Skip to content

Commit

Permalink
Loading
Loading status checks…
Merge pull request #204 from UniNow/feature/image-pull-secrets-config…
Browse files Browse the repository at this point in the history 
…urable

feat: Adds possibility to set image pull secrets in all charts
@volodymyrZotov
volodymyrZotov authored Sep 9, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
2 parents 0d122a5 + e4507f2 commit afd7ff7
Showing 7 changed files with 41 additions and 13 deletions.
2 changes: 2 additions & 0 deletions charts/connect/README.md
View file
Original file line number Diff line number Diff line change
@@ -73,6 +73,7 @@ helm install --set connect.applicationName=connect connect ./connect
| connect.dataVolume.type | string | `"emptyDir"` | The type of the shared volume used between 1Password Connect Containers |
| connect.dataVolume.values | object | `{}` | Desribes the fields and values for configuration of shared volume for 1Password Connect |
| connect.imagePullPolicy | string | `"IfNotPresent"` | The 1Password Connect API image pull policy |
| connect.imagePullSecrets | array | `[]` | List of secret names to use as image pull secrets. Secrets must exist in the same namespace. |
| connect.ingress.annotations | object | `{}` | The 1Password Connect Ingress Annotations |
| connect.ingress.enabled | bool | `false` | The boolean value to enable/disable the 1Password Connect |
| connect.ingress.extraPaths | list | `[]` | Additional Ingress Paths |
@@ -118,6 +119,7 @@ helm install --set connect.applicationName=connect connect ./connect
| operator.create | boolean | `false` | Denotes whether the 1Password Operator will be deployed |
| operator.replicas | integer | `1` | The number of replicas to run the 1Password Operator deployment |
| operator.imagePullPolicy | string | `"IfNotPresent"` | The 1Password Operator image pull policy |
| operator.imagePullSecrets | array | `[]` | List of secret names to use as image pull secrets. Secrets must exist in the same namespace. |
| operator.imageRepository | string | `"1password/onepassword-operator"` | The 1Password Operator repository |
| operator.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) stanza for the operator pod |
| operator.affinity | object | `{}` | [Affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) rules for the Operator pod |
8 changes: 7 additions & 1 deletion charts/connect/templates/connect-deployment.yaml
View file
Original file line number Diff line number Diff line change
@@ -91,7 +91,7 @@ spec:
- name: OP_LOG_LEVEL
value: "{{ .Values.connect.api.logLevel }}"
{{- include "onepassword-connect.profilerConfig" . | indent 12 -}}
{{- range .Values.connect.customEnvVars}}
{{- range .Values.connect.customEnvVars }}
- name: {{ .name }}
value: {{ .value }}
{{- end }}
@@ -173,4 +173,10 @@ spec:
mountPath: /data
subPath: profiler
{{- end }}
{{- with .Values.connect.imagePullSecrets }}
imagePullSecrets:
{{- range . }}
- name: {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
10 changes: 8 additions & 2 deletions charts/connect/templates/operator-deployment.yaml
View file
Original file line number Diff line number Diff line change
@@ -57,8 +57,8 @@ spec:
capabilities:
drop:
- all
command: ["/manager"]
args: [--zap-log-level={{ .Values.operator.logLevel }}]
command: [ "/manager" ]
args: [ --zap-log-level={{ .Values.operator.logLevel }}]
env:
- name: WATCH_NAMESPACE
value: {{ default "" (tpl (include "helm-toolkit.utils.joinListWithComma" .Values.operator.watchNamespace) .) }}
@@ -85,4 +85,10 @@ spec:
{{- end }}
resources:
{{- toYaml .Values.operator.resources | nindent 12 }}
{{- with .Values.operator.imagePullSecrets }}
imagePullSecrets:
{{- range . }}
- name: {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
6 changes: 6 additions & 0 deletions charts/connect/values.yaml
View file
Original file line number Diff line number Diff line change
@@ -91,6 +91,9 @@ connect:
# The 1Password Connect API repository
imagePullPolicy: IfNotPresent

# List of secret names to use as image pull secrets. Secrets must exist in the same namespace.
imagePullSecrets: []

# The 1Password Connect version to pull
version: "{{ .Chart.AppVersion }}"

@@ -246,6 +249,9 @@ operator:
# The 1Password Operator image pull policy
imagePullPolicy: IfNotPresent

# List of secret names to use as image pull secrets. Secrets must exist in the same namespace.
imagePullSecrets: []

# The 1Password Operator repository
imageRepository: 1password/onepassword-operator

19 changes: 10 additions & 9 deletions charts/secrets-injector/README.md
View file
Original file line number Diff line number Diff line change
@@ -30,15 +30,16 @@ $ helm install --set injector.applicationName=injector injector ./secrets-inject

### Values

| Key | Type | Default | Description |
| ------------------------ | ------- | ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
| injector.applicationName | string | `"secrets-injector"` | The name of 1Password Kubernetes Secrets Injector Application |
| injector.imagePullPolicy | string | `"IfNotPresent"` | The 1Password Secrets Injector docker image policy. `"IfNotPresent"` means the image is pulled only if it is not already present locally. |
| injector.imageRepository | string | `"1password/kubernetes-secrets-injector"` | The 1Password Secrets Injector docker image repository |
| injector.port | string | `443` | The port the Secrets Injector exposes |
| injector.targetPort | integer | `8443` | The port the Secrets Injector API sends requests to the pod |
| injector.version | string | `{{.Chart.AppVersion}}` | The 1Password Secrets Injector version to pull. |
| injector.customEnvVars | array | `[]` | Custom Environment Variables for the 1Password Secrets Injector container that are not specified in this helm chart. |
| Key | Type | Default | Description |
|---------------------------|---------|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------|
| injector.applicationName | string | `"secrets-injector"` | The name of 1Password Kubernetes Secrets Injector Application |
| injector.imagePullPolicy | string | `"IfNotPresent"` | The 1Password Secrets Injector docker image policy. `"IfNotPresent"` means the image is pulled only if it is not already present locally. |
| injector.imagePullSecrets | array | `[]` | Global list of secret names to use as image pull secrets for all pod specs in the chart. Secrets must exist in the same namespace |
| injector.imageRepository | string | `"1password/kubernetes-secrets-injector"` | The 1Password Secrets Injector docker image repository |
| injector.port | string | `443` | The port the Secrets Injector exposes |
| injector.targetPort | integer | `8443` | The port the Secrets Injector API sends requests to the pod |
| injector.version | string | `{{.Chart.AppVersion}}` | The 1Password Secrets Injector version to pull. |
| injector.customEnvVars | array | `[]` | Custom Environment Variables for the 1Password Secrets Injector container that are not specified in this helm chart. |

#### Custom Environment Variables

8 changes: 7 additions & 1 deletion charts/secrets-injector/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
@@ -35,8 +35,14 @@ spec:
{{- range .Values.injector.customEnvVars}}
- name: {{ .name }}
value: {{ .value }}
{{- end }}
{{- end }}
lifecycle:
preStop:
exec:
command: [ "/bin/sh", "-c", "/prestop.sh" ]
{{- with .Values.injector.imagePullSecrets }}
imagePullSecrets:
{{- range . }}
- name: {{ . | quote }}
{{- end }}
{{- end }}
1 change: 1 addition & 0 deletions charts/secrets-injector/values.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
injector:
applicationName: secrets-injector
imagePullPolicy: IfNotPresent
imagePullSecrets: []
imageRepository: 1password/kubernetes-secrets-injector
port: 443
targetPort: 8443

0 comments on commit afd7ff7

Please sign in to comment.